Package Exports

mcp-wordpress
mcp-wordpress/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (mcp-wordpress) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

🚀 MCP WordPress Server

The Most Comprehensive WordPress MCP Server

Manage WordPress sites with natural language through AI tools like Claude Desktop

Quick Start • Features • Installation • Documentation • Examples

🎯 Why This MCP Server?

Transform WordPress management from complex admin panels to simple conversations:

❌ Before: Login → Admin Panel → Navigate → Click → Fill Forms → Save
✅ After:  "Create a new blog post about AI trends with SEO optimization"

Key Advantages:

🏆 Most Complete: 59 tools vs 20-30 in alternatives
⚡ Fastest Setup: 2-click Claude Desktop installation via DXT
🔒 Production Ready: 207 tests, security audited, battle-tested
🎯 TypeScript Native: 100% type safety, best-in-class developer experience
🌐 Multi-Site: Manage unlimited WordPress sites from one place

🚀 Quick Start

Get up and running in under 5 minutes:

Prerequisites

WordPress: Version 5.6+ with REST API enabled
Claude Desktop: Latest version installed
Application Password: Generated from WordPress admin panel

3-Step Setup

1️⃣ Generate WordPress Application Password

WordPress Admin → Users → Profile → Application Passwords → Add New

2️⃣ Install MCP Server (Choose One)

Option A: DXT Extension (Easiest)

# Download and install in Claude Desktop
curl -L https://github.com/docdyhr/mcp-wordpress/raw/main/mcp-wordpress.dxt -o mcp-wordpress.dxt
# Then: Claude Desktop → Extensions → Install → Select DXT file

Option B: NPM Global Install

npm install -g mcp-wordpress

3️⃣ Test Your Connection

In Claude: "Test my WordPress connection"
Response: "✅ Authentication successful! Connected to: Your Site Name"

📺 Watch 2-minute Setup Video | 📖 Detailed Setup Guide

⚡ Installation Options

🏆 Recommended: Claude Desktop Extension (DXT)

Easiest installation - just 2 clicks!

Download: mcp-wordpress.dxt (2.6MB)
Install: Claude Desktop → Extensions → Install → Select DXT file
Configure: Enter your WordPress site URL and credentials

✅ Zero command line required
✅ Automatic updates
✅ Built-in security

📖 Complete DXT Setup Guide →

🚀 Alternative: NPX (Power Users)

# Run directly - always latest version
npx -y mcp-wordpress

# Interactive setup wizard
npm run setup

📦 Secondary: Smithery Package Manager

# Install via Smithery (MCP package manager)
smithery install mcp-wordpress

# Configure and start
smithery configure mcp-wordpress

✅ Package management
✅ Version control
✅ Easy updates

Installing via Smithery

To install mcp-wordpress for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @docdyhr/mcp-wordpress --client claude

🔧 Other Options

💻 NPM Setup - Local development
🐳 Docker Setup - Production deployment
📦 Smithery Setup - MCP package manager (detailed guide)
🔧 Manual Build - Custom builds

🌟 What Makes This Special

🏆 Feature Comparison

Feature	This Server	Competition
Tools Available	59 tools	20-30 tools
Claude Desktop DXT	✅ 2-click install	❌ Manual setup
Multi-Site Support	✅ Unlimited sites	❌ Single site
TypeScript	✅ 100% coverage	⚠️ Partial/None
Performance Monitoring	✅ Real-time analytics	❌ Basic only
Test Coverage	✅ 207 tests (100%)	⚠️ Limited
Production Ready	✅ Security audited	⚠️ Unknown

🚀 Core Capabilities

WordPress Management

59 WordPress Tools across 10 categories
Multi-Site Support - Manage unlimited WordPress installations
Flexible Authentication - App Passwords, JWT, Basic Auth, API Key
Real-Time Sync - Instant updates across all connected tools

Performance & Reliability

⚡ Intelligent Caching - 50-70% performance improvement
📊 Real-Time Monitoring - Performance metrics and optimization insights
🔒 Production Ready - Security-reviewed, 95%+ test coverage
🔄 Zero Downtime - Graceful error handling and automatic recovery

Developer Experience

100% TypeScript - Complete type safety and IntelliSense
🐳 Docker Support - Production-ready containerization
📚 Auto-Generated Docs - API documentation with live examples
🔧 Extensible - Custom tool development framework

🌐 Multi-Site Configuration

Perfect for agencies and developers managing multiple WordPress sites:

{
  "sites": [
    {
      "id": "main-site",
      "name": "Main WordPress Site",
      "config": {
        "WORDPRESS_SITE_URL": "https://site1.com",
        "WORDPRESS_USERNAME": "admin",
        "WORDPRESS_APP_PASSWORD": "xxxx xxxx xxxx xxxx xxxx xxxx"
      }
    },
    {
      "id": "client-blog",
      "name": "Client Blog",
      "config": {
        "WORDPRESS_SITE_URL": "https://client-blog.com",
        "WORDPRESS_USERNAME": "editor",
        "WORDPRESS_APP_PASSWORD": "yyyy yyyy yyyy yyyy yyyy yyyy"
      }
    }
  ]
}

Use with site parameter: wp_list_posts --site="main-site"

📖 Complete Multi-Site Setup Guide

🔐 Authentication Setup

WordPress Application Passwords (Recommended)

WordPress Admin → Users → Profile
Scroll to Application Passwords
Enter name: "MCP WordPress Server"
Click Add New Application Password
Copy the generated password

Alternative Methods

JWT Authentication - With JWT plugin
Basic Authentication - Username/password (dev only)
API Key Authentication - With API Key plugin

📖 Complete Authentication Guide

📋 Available Tools (59 Tools)

Content Management

📝 Posts (6 tools) - Create, edit, delete, list posts and revisions
📄 Pages (6 tools) - Manage static pages and revisions
🖼️ Media (6 tools) - Upload, manage media library and files

User & Community

👥 Users (6 tools) - User management and profiles
💬 Comments (7 tools) - Comment moderation and management
🏷️ Taxonomies (10 tools) - Categories and tags management

Site Management

⚙️ Site Settings (7 tools) - Site configuration and statistics
🔐 Authentication (6 tools) - Auth testing and management
⚡ Cache Management (4 tools) - Performance caching control
📊 Performance Monitoring (6 tools) - Real-time metrics and optimization

📖 Complete Tool Documentation | Live API Reference

🤖 Claude Desktop Integration

🎯 Real-World Use Cases

Content Creation & Management:

💬 "Analyze my top 10 blog posts and create a new post about emerging trends"
💬 "Upload these 5 images and create a photo gallery page with SEO optimization"
💬 "Review all pending comments and approve the legitimate ones"

Site Management & Analytics:

💬 "Check my WordPress site performance and provide optimization recommendations"
💬 "Create a new user account for my freelance writer with editor permissions"
💬 "Backup my site settings and show me cache performance statistics"

Bulk Operations:

💬 "Update all posts from 2023 to include my new author bio"
💬 "Find all images over 1MB and suggest compression strategies"
💬 "List all users who haven't logged in for 6 months"

⚙️ Configuration Methods

Option 1: DXT Extension (Recommended)

No configuration needed - built-in secure credential management!

Option 2: NPX in Claude Desktop

{
  "mcpServers": {
    "mcp-wordpress": {
      "command": "npx",
      "args": ["-y", "mcp-wordpress"],
      "env": {
        "WORDPRESS_SITE_URL": "https://your-site.com",
        "WORDPRESS_USERNAME": "your-username",
        "WORDPRESS_APP_PASSWORD": "your-app-password"
      }
    }
  }
}

📖 Complete Integration Guide

📚 Examples

Basic Content Management

Create and Publish a Blog Post

You: "Create a new blog post titled 'AI Revolution in 2024' with content about recent AI breakthroughs"
Claude: "I'll create that blog post for you..."
Result: ✅ Post "AI Revolution in 2024" created successfully (ID: 123)

Media Management

You: "Upload the image at /path/to/image.jpg and set it as featured image for post 123"
Claude: "I'll upload that image and set it as the featured image..."
Result: ✅ Image uploaded (ID: 456) and set as featured image

Advanced Workflows

SEO-Optimized Content Creation

You: "Create an SEO-optimized blog post about 'WordPress Security Best Practices' with:
     - Focus keyword: 'WordPress security'
     - Meta description
     - Proper heading structure
     - At least 1500 words"
     
Claude: "I'll create a comprehensive SEO-optimized post on WordPress security..."

Bulk Operations

You: "Find all draft posts older than 30 days and provide a summary"
You: "Update all posts in category 'News' to include a disclaimer at the end"
You: "Delete all spam comments from the last week"

Site Management

Performance Monitoring

You: "Analyze my site's performance and suggest optimizations"
Claude: "Let me check your site's performance metrics...
         - Cache hit rate: 67%
         - Average response time: 245ms
         - Recommendations: Enable object caching, optimize images..."

User Management

You: "Create a new editor account for john@example.com with a secure password"
You: "List all users who haven't logged in for 90 days"
You: "Update Sarah's role from Author to Editor"

Multi-Site Management

Working with Multiple Sites

You: "List all posts from my client-blog site"
Claude: "I'll list the posts from the client-blog site..."

You: "Compare traffic between main-site and client-blog"
Claude: "Here's a comparison of both sites..."

📖 More Examples | Use Case Library

🧪 Testing & Status

Current Test Status ✅

Main Test Suite: 207/207 passed (100%)
Security Tests: 40/40 passed (100%)
Performance Tests: 8/8 passed (100%)
CI/CD Pipeline: Fully functional

Test Your Installation

# Check connection status
npm run status

# Run full test suite
npm test

# Quick validation
npm run test:fast

🔒 Security Status

Comprehensive Security Testing

Our security posture is continuously monitored through automated testing and vulnerability scanning:

Security Area	Status	Tests	Coverage
XSS Protection	✅ Secure	6/6 passing	Script injection, URL validation, HTML sanitization
SQL Injection	✅ Secure	3/3 passing	Query parameterization, input validation
Path Traversal	✅ Secure	3/3 passing	File path validation, directory restrictions
Input Validation	✅ Secure	9/9 passing	Length limits, format validation, sanitization
Authentication	✅ Secure	7/7 passing	Bypass prevention, token validation
Rate Limiting	✅ Secure	3/3 passing	DoS protection, request throttling
Information Disclosure	✅ Secure	2/2 passing	Error sanitization, sensitive data protection
Penetration Testing	✅ Secure	12/12 passing	Comprehensive attack simulation

Security Features

🛡️ Input Sanitization: All user inputs are validated and sanitized
🔐 Authentication Security: Multi-method auth with bypass prevention
⚡ Rate Limiting: Built-in protection against abuse and DoS attacks
🔍 Vulnerability Scanning: Daily automated security scans
📊 Real-time Monitoring: Continuous security status updates
🚨 Automated Alerts: Immediate notification of security issues

Security Testing Commands

# Run comprehensive security tests
npm run test:security

# Run penetration testing suite
npm run test:security:validation

# Security vulnerability audit
npm audit

# Full security validation
npm run security:full

Security Compliance

OWASP Top 10: Complete protection against common vulnerabilities
CVE Monitoring: Automated scanning for known vulnerabilities
Security Headers: Proper HTTP security headers implementation
Data Protection: Sensitive credential redaction and secure storage
Access Control: Role-based permissions and authentication validation

📖 Complete Security Documentation | Security Test Results

🐛 Troubleshooting

Common Issues

"Cannot connect to WordPress"
- Verify WORDPRESS_SITE_URL
- Test REST API: curl https://your-site.com/wp-json/wp/v2/
"Authentication failed"
- Check username and application password
- Ensure Application Passwords are enabled
- Run npm run setup to reconfigure
"Tools not appearing in Claude"
- Restart Claude Desktop after configuration
- Check Claude Desktop config file format

Get Help

# Debug mode
DEBUG=true npm run dev

# Connection test
npm run status

# Re-run setup wizard
npm run setup

📚 Documentation

Getting Started

Quick Start Guide - Get running in 5 minutes
Installation Guide - Detailed setup instructions
Configuration Guide - All configuration options
Authentication Setup - WordPress auth methods

User Guides

Basic Usage - Common tasks and workflows
Advanced Workflows - Complex automation
Multi-Site Management - Managing multiple sites
Troubleshooting - Common issues and solutions

Integration Guides

Claude Desktop - Complete Claude integration
VS Code - VS Code extension setup
Cline - Cline AI assistant integration
Custom Clients - Build your own MCP client

Developer Documentation

API Reference - Complete tool documentation
Architecture - System design and decisions
Contributing - Development guidelines
Plugin Development - Extend functionality

Deployment & Operations

Docker Deployment - Container deployment
Security Best Practices - Production security
Performance Tuning - Optimization guide
Monitoring - Logging and metrics

🔧 Requirements

WordPress 5.0+ with REST API enabled
HTTPS recommended for production
User with appropriate permissions
Application Passwords enabled (WordPress 5.6+)

WordPress User Roles

Role	Access
Administrator	Full access to all functions
Editor	Posts, pages, comments, media
Author	Own posts and media
Contributor	Own posts (drafts only)
Subscriber	Read only

📦 Installation Options

NPM Package

# Global installation
npm install -g mcp-wordpress

# Direct usage (recommended)
npx -y mcp-wordpress

Docker Images

# Latest version
docker pull docdyhr/mcp-wordpress:latest

# Specific version
docker pull docdyhr/mcp-wordpress:1.3.1

Distribution Channels

NPM: mcp-wordpress
Docker Hub: docdyhr/mcp-wordpress
GitHub: Latest releases

🚀 Next Steps

Ready to transform your WordPress management?

🏆 Download DXT Extension - Easiest setup (2 minutes)
⚡ Try NPX Method - Power user setup (5 minutes)
📚 Explore All Tools - See what's possible
💬 Join Discussions - Get help and share ideas

🙏 Acknowledgments

Special thanks to Stephan Ferraro for the upstream project that inspired this implementation.

⭐ Found this helpful? Give us a star on GitHub! ⭐